Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Burton Group issued a press release last week announcing the conclusions of my recent report on Skype. I thought the release clearly stated our conclusions on Skype, which essentially were that there are indeed security and management concerns that enterprises ought to be aware of, but that those risks may be outweighed by the business benefits offered by the use of the application, and that enterprises must carefully weigh risk vs. reward when evaluating Skype usage. more
I recently became aware of the new pay-by-mobile phone service Venmo.com. "Pay friends with your phone, skip the ATM, Settle up on meals, rent, bills and drinks" ... Venmo are using Facebook connect as a way of verifying user identities, at least that is what they claim. more
Encryption is fundamental to our daily life. Practically everything we do online makes use of encryption is some form. Access to our financial transactions, health records, government services, and exchanged private messages are all protected by strong encryption. Encryption is the process of changing the information in such a way as to make it unreadable by anyone except for those possessing special knowledge (usually referred to as a "key"), which allows them to change the information back to its original, readable form. more
Layered security is a concept that's important for anyone who wants to create a strong, successful defense strategy to understand. This is a strategy that relies on the use of multiple lines of defense in an attempt to repel any potential attacks. For this reason, it's based on the principle that says "no single form of protection is enough to stop a determined cybercriminal. more
Speaking at The Times Tech Summit in London, Ciaran Martin, chief of the National Cyber Security Centre (NCSC), warned Russia is seeking to undermine the international system. more
IT security specialists have known for years that the plain DNS is not to be trusted. Any hope for improvement rests on the DNSSEC protocol deployment. In this post, I will review the current status in one critical aspect, namely the DNS root signature key management. The other two foremost are the application usage of DNSSEC protocol functionality and the operational front, or the extent of deployment in the DNS infrastructure. The operational front includes the support by the DNS root nameservers, but my focus on signature key management leaves this issue aside. more
Ah, BYOD. How I love thee. BYOD, or "Bring Your Own Device", gives me choices. I can use a device at work I actually like and am most effective with. (How did I ever get by without my iPad?) But BYOD comes with challenges. Personal devices can be infected with malware. Once they're connected to an enterprise's network, they can be controlled by a bot master to hijack enterprise resources and wreak havoc as part of a botnet. more
In support of National Cyber Security Awareness Month, DDoS Awareness Day is a virtual, global event focused on raising awareness and education around the threat of DDoS attacks. Hosted by Neustar with and exclusive media partner CSO, DDoS Awareness Day brings together top experts in global security to share their views, technical tips and from-the-trenches experience. Attendees will also be given access to a wealth of DDoS materials: white papers, surveys, presentations, best practices and more. more
A paper published by researchers from the Chinese Academy of Sciences, reports a successful demonstration of satellite-based entanglement distribution to receiver stations separated by more than 1200 km -- the results illustrate the possibility of a future global quantum communication network. more
Over the past several years, questions about how to protect information exchanged in the DNS have come to the forefront. One of these questions was posed first to DNS resolver operators in the middle of the last decade, and is now being brought to authoritative name server operators: "to encrypt or not to encrypt?" It's a question that Verisign has been considering for some time as part of our commitment to security, stability and resiliency of our DNS operations and the surrounding DNS ecosystem. more
According to a recent Homeland Security News Wire article, nearly 8 million patient medical records were compromised over the course of the previous two years due to data security breaches. As more hospitals and patient care providers move to store patient data electronically -- primarily as a cost savings effort -- the risk and exposure of our private medical information increases while our individual control over this information diminishes. more
Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this one it's not going to help. If your OS is secure, you don't need the crypto; if it's not, the crypto won't protect your data. In a case like the Anthem breach, the really sensitive databases are always in use. more
The Indian government is seeking to acquire new spyware in an effort to replace the controversial Pegasus system, which has been blacklisted by the US government. more
As with other meetings and conferences, the IGF-USA decided to move our annual event to a virtual format held on 22-23 July. We will discuss important matters of the Internet, using the Internet from our secure Internet access points. This format allows us to continue critical dialogue safe from viruses, murder hornets and whatever else is thrown at us this year. more
Last week, the Federal Communications Commission (FCC) announced new privacy rules that govern how Internet service providers can share information about consumers with third parties. One focus of this rulemaking has been on the use and sharing of so-called "Consumer Proprietary Network Information (CPNI)" - information about subscribers - for advertising. The Center for Information Technology Policy and the Center for Democracy and Technology jointly hosted a panel exploring this topic last May... more
A World-Renowned Source for Internet Developments. Serving Since 2002.